Entries for the ‘Conferences’ Category

For those who don’t know, every year I put together a game that starts on the back of the LASCON badge. It’s typically some combination of crypto challenges alongside application security vulnerabilities with the goal of having it take somewhere around 1-3 hours, depending on experience, to complete. Those who complete the game are rewarded […]

The BSides Austin 2016 Mini-CTF began with the back of the badge. There was a large QR code which took a very long time for me to scan with my phone, and when I finally got it, it was just the numbers “07263584”. Not very useful. Below that, however, there was a string of letters and […]

Yesterday I finished competing in my first ever Capture The Flag (CTF) tournament. It was called Kommand and Kontroll Revenge of the Carders and was run by Rod Soto of Prolexic. I’m going to caveat this post by saying that this was my first ever CTF competition so I have absolutely no baseline of comparison. […]

O’Reilly’s Velocity conference is the only generalized Web ops and performance conference out there. We really like it; you can go to various other conferences and have 10-20% of the content useful to you as a Web Admin, or you can go here and have most of it be relevant! They’ve been doing some interim […]

This presentation was by Jason Macy and Mamoon Yunus of Crosscheck Networks – Forum Systems. It wins the award (the one I just made up) for being the most vendor-oriented presentation at the conference. Not that it wasn’t an interesting presentation, but their solution to defend against most of the attacks was “Use an XML […]

This presentation was by Boaz Belboard, the Executive Director of Information Security for Wireless Generation and the Project Leader for the OWASP Security Spending Benchmarks Project. My notes are below: It does cost more to produce a secure product than an insecure product. Most people will still shop somewhere, go to a hospital, or enroll […]

This presentation was by Keith Turpin from The Boeing Company. About three years ago, all of Boeing’s assessments were coming from outsourced service providers. They realized that they were unable to have control over the people and process and had difficulties integrating the controls into the SDLC and decided to bring these functions in house. […]

This presentation was by Robert “RSnake” Hansen and was designed to be a fun conversation to have over drinks with security people. I feel privileged to have been one of those security people who he talked about this with beforehand. A very interesting topic about the non-obvious threats that may or may not exist. […]

This presentation was by Dave Wichers, COO of Aspect Security and an OWASP Board Member. My notes are below: What’s Changed? It’s about Risks, not just vulnerabilities New title is: “The Top 10 Most Critical Web Application Security Risks” OWASP Top 10 Risk Rating Methodology Based on the OWASP Risk Rating Methodology, used to prioritize […]